Md5 and dictionary words
Md5 and dictionary words
ghost | 3841 Reads | What is this article about: Alot of times people are to stupid to use dictionary word as a password. (Web)programmers know that dictionary words as password are unsave. But alot of time’s they forget that “normal” people still use dictionary word as passwords and they don’t “protect” there site for this.
Exemple: Lets say a website maker decrypt his members passwords as md5. He thinks his members are save. Even if a hacker gets a md5 hash or database backup. Because he thinks md5 can’t be decryted. Now a member’s password is “secret” and the hash is 5ebe2294ecd0e0f08eab7690d2a6ee69.
Using a simple Md5 lookup table (www.md5lookup.com) we can find the password; “secret”. (brute forcing it would ofcourse work but would take longer.)
Prevent it: This is easy. -You can add a prefix to the password. -You can also double crypt it -Or both (php example)
<?php
$password = "secret";
$salt = "567_";
$new_password = md5(crypt($password, $salt)); /*thanks to Grindordie for the tip on the crypt function so it isnt random*/
echo "Dubbel encryted hash: ".$new_password;
?>```
This will make a0b6da60b13c51db029f75f33e4c139f. Cracking that would be alot harder.
Because encryting this won’t make a dictionary word and have to be brute forced.
Saving $new_password to the database would be saver. Then Just $password.
Decrypting it isn’t impossible because every encrytion can be decrypted using brute force.
But it would be very hard and take ages.
**The end:**
That was it.
Please rate.
Goofy
ghost 17 years ago
Well if the personn don't know it's salted it's harder to decrypt for sure but if he know how it's salted it's the same as cracking a normal md5 hash. BTW double encryption have already been covered on this site try to post new stuff not stuff that we have seen over and over.